These packages contain the Linux kernel, the core of any Linux operatingsystem.

Security fixes:

* unsafe sprintf() use in the Bluetooth implementation. Creating a largenumber of Bluetooth L2CAP, SCO, or RFCOMM sockets could result in arbitrarymemory pages being overwritten, allowing a local, unprivileged user tocause a denial of service or escalate their privileges. (CVE-2010-1084,Important)

* a flaw in the Unidirectional Lightweight Encapsulation implementation,allowing a remote attacker to send a specially-crafted ISO MPEG-2 TransportStream frame to a target system, resulting in a denial of service.(CVE-2010-1086, Important)

* NULL pointer dereference in nfs_wb_page_cancel(), allowing a local useron a system that has an NFS-mounted file system to cause a denial ofservice or escalate their privileges on that system. (CVE-2010-1087,Important)

* flaw in sctp_process_unk_param(), allowing a remote attacker to send aspecially-crafted SCTP packet to an SCTP listening port on a target system,causing a denial of service. (CVE-2010-1173, Important)

* race condition between finding a keyring by name and destroying a freedkeyring in the key management facility, allowing a local, unprivilegeduser to cause a denial of service or escalate their privileges.(CVE-2010-1437, Important)

* systems using the kernel NFS server to export a shared memory file systemand that have the sysctl overcommit_memory variable set to never overcommit(a value of 2 by default, it is set to 0), may experience a NULL pointerdereference, allowing a local, unprivileged user to cause a denial ofservice or escalate their privileges. (CVE-2008-7256, CVE-2010-1643,Important)

* when an application has a stack overflow, the stack could silentlyoverwrite another memory mapped area instead of a segmentation faultoccurring, which could lead to local privilege escalation on 64-bitsystems. This issue is fixed with an implementation of a stack guardfeature. (CVE-2010-2240, Important)

* buffer overflow flaws in the kernel's implementation of the server-sideXDR for NFSv4 could allow an attacker on the local network to send aspecially-crafted large compound request to the NFSv4 server, possiblyresulting in a denial of service or code execution. (CVE-2010-2521,Important)

* NULL pointer dereference in the firewire-ohci driver used for OHCIcompliant IEEE 1394 controllers could allow a local, unprivileged user withaccess to /dev/fw* files to issue certain IOCTL calls, causing a denial ofservice or privilege escalation. The FireWire modules are blacklisted bydefault. If enabled, only root has access to the files noted above bydefault. (CVE-2009-4138, Moderate)

* flaw in the link_path_walk() function. Using the file descriptorreturned by open() with the O_NOFOLLOW flag on a subordinate NFS-mountedfile system, could result in a NULL pointer dereference, causing a denialof service or privilege escalation. (CVE-2010-1088, Moderate)

* information leak in the USB implementation. Certain USB errors couldresult in an uninitialized kernel buffer being sent to user-space. Anattacker with physical access to a target system could use this flaw tocause an information leak. (CVE-2010-1083, Low)